platform/x86: dell-ddv: Improve buffer handling

When the DDV interface returns a buffer, it actually returns a acpi buffer containing an integer (buffer size) and another acpi buffer (buffer content). The size of the buffer may be smaller than the size of the buffer content, which is perfectly valid and should not be treated as an error. Also use the buffer size instead of the buffer content size when accessing the buffer to prevent accessing bogus data. Tested on a Dell Inspiron 3505. Signed-off-by: Armin Wolf <W_Armin@gmx.de> Link: https://lore.kernel.org/r/20221102212336.380257-1-W_Armin@gmx.deReviewed-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com>

platform/x86: dell-ddv: Improve buffer handling
When the DDV interface returns a buffer, it actually returns a acpi buffer containing an integer (buffer size) and another acpi buffer (buffer content). The size of the buffer may be smaller than the size of the buffer content, which is perfectly valid and should not be treated as an error. Also use the buffer size instead of the buffer content size when accessing the buffer to prevent accessing bogus data. Tested on a Dell Inspiron 3505. Signed-off-by: Armin Wolf <W_Armin@gmx.de> Link: https://lore.kernel.org/r/20221102212336.380257-1-W_Armin@gmx.deReviewed-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com>
84fa20c2 · Armin Wolf · Hans de Goede · 93b962dd · 84fa20c2
Commit 84fa20c2 authored Nov 02, 2022 by Armin Wolf Committed by Hans de Goede Nov 16, 2022
Show whitespace changes
Inline Side-by-side

Showing with 7 additions and 5 deletions

drivers/platform/x86/dell/dell-wmi-ddv.c drivers/platform/x86/dell/dell-wmi-ddv.c +7 -5

No files found.
--- a/drivers/platform/x86/dell/dell-wmi-ddv.c
+++ b/drivers/platform/x86/dell/dell-wmi-ddv.c
@@ -129,9 +129,9 @@ static int dell_wmi_ddv_query_buffer(struct wmi_device *wdev, enum dell_ddv_meth
 	if (obj->package.elements[1].type != ACPI_TYPE_BUFFER)
 		goto err_free;
-	if (buffer_size != obj->package.elements[1].buffer.length) {
+	if (buffer_size > obj->package.elements[1].buffer.length) {
 		dev_warn(&wdev->dev,
-			 FW_WARN "ACPI buffer size (%llu) does not match WMI buffer size (%d)\n",
+			 FW_WARN "WMI buffer size (%llu) exceeds ACPI buffer size (%d)\n",
 			 buffer_size, obj->package.elements[1].buffer.length);
 		goto err_free;
@@ -271,15 +271,17 @@ static int dell_wmi_ddv_buffer_read(struct seq_file *seq, enum dell_ddv_method m
 	struct device *dev = seq->private;
 	struct dell_wmi_ddv_data *data = dev_get_drvdata(dev);
 	union acpi_object *obj;
-	union acpi_object buf;
+	u64 size;
+	u8 *buf;
 	int ret;
 	ret = dell_wmi_ddv_query_buffer(data->wdev, method, 0, &obj);
 	if (ret < 0)
 		return ret;
-	buf = obj->package.elements[1];
+	size = obj->package.elements[0].integer.value;
-	ret = seq_write(seq, buf.buffer.pointer, buf.buffer.length);
+	buf = obj->package.elements[1].buffer.pointer;
+	ret = seq_write(seq, buf, size);
 	kfree(obj);
 	return ret;